IBM Guardium 7 - Ndm

Transcription

Information Management
Data Sheet

IBM InfoSphere Guardium
Managing the entire database security and compliance life cycle

Leading organizations across the world trust IBM to secure their critical enterprise data. The fact is, we provide a simple, robust solution for safeguarding a broad range of enterprise systems used to store financial and ERP information, customer and cardholder data, and intellectual property.

Our enterprise security platform prevents unauthorized or suspicious activities by privileged insiders and potential hackers. It also monitors potential fraud by users of enterprise applications such as Oracle E-Business Suite, PeopleSoft, SAP and in-house systems.

At the same time, our solution optimizes operational efficiency with a scalable, multi-tier architecture that automates and centralizes compliance controls across your entire application and database infrastructure.

But as remarkable as this solution is for what it does, it’s equally remarkable for what it doesn’t do. It has negligible impact on performance, does not require changes to your databases and does not rely on native database logs or auditing utilities.

[Figure: life-cycle diagram centered on "Critical Data Infrastructure" with four phases: Find and Classify, Assess and Harden, Monitor and Enforce, Audit and Report. Labels shown in the diagram: Real-time database security and monitoring; Prevent cyberattacks; Monitor and block privileged users; Detect application-layer fraud; Enforce change controls; Real-time alerts; Automated and centralized controls; Control firecall IDs; Discover embedded malware and logic bombs; Sign-off management; Entitlement reporting; No database changes; Continuously update security policies; Preconfigured policies/reports; Minimal performance impact; SIEM integration; Find and classify sensitive data; Cross-DBMS audit repository; Assess static and behavioral database vulnerabilities; Configuration auditing; Preconfigured tests based on best practices standards (STIG, CIS, CVE).]

Unified Solution: Built on a single unified console and back-end data store, InfoSphere Guardium offers a family of integrated modules for managing the entire database security and compliance life cycle.

The IBM InfoSphere Guardium solution addresses the entire database security and compliance life cycle with a unified web console, back-end data store and workflow automation system, enabling you to:

- Find and classify sensitive data in corporate databases.
- Assess database vulnerabilities and configuration flaws.
- Ensure that configurations are locked down after recommended changes are implemented.
- Capture and examine all database transactions, including local access by privileged users — for all supported platforms and protocols — with a secure, tamper-proof audit trail that supports separation of duties.
- Track activities on major file sharing platforms.
- Monitor and enforce policies for sensitive data access, privileged user actions, change control, application user activities and security exceptions such as login failures.
- Automate the entire compliance auditing process — including report distribution to oversight teams, sign-off and escalations — with preconfigured reports for SOX, PCI Data Security Standard (DSS) and data privacy.
- Create a single, centralized audit repository for enterprise-wide compliance reporting, performance optimization, investigations and forensics.
- Easily scale from safeguarding a single database to protecting thousands of databases in distributed data centers around the world.

Find and classify

As organizations create and maintain an increasing volume of digital information, they are finding it harder and harder to locate and classify sensitive information.

Locating and classifying information

Locating and classifying sensitive information is especially challenging for organizations that have experienced mergers and acquisitions or for environments where existing systems have outlasted their original developers. Even in the best of cases, ongoing changes to application and database structures — required to support new business requirements — can easily invalidate static security policies and leave sensitive data unknown and unprotected.

Organizations find it particularly difficult to:

- Map out all database servers containing sensitive information and understand how it is being accessed from all sources (line-of-business applications, batch processes, ad hoc queries, application developers, administrators and others).
- Secure information and manage risk when the sensitivity of stored information is unknown.
- Ensure compliance when it isn’t clear which information is subject to the terms of particular regulations.

Automatically locate, classify and secure sensitive information

With InfoSphere Guardium, you use database auto-discovery and information classification to identify where confidential data is stored and then use customizable classification labels to automate enforcement of security policies that apply to particular classes of sensitive objects. These policies ensure that sensitive information is only viewed and changed by authorized users. Sensitive data discovery can also be scheduled to execute regularly to prevent the introduction of rogue servers and ensure that no critical information is “forgotten.”

Assess and harden

Database environments are highly dynamic, with changes in accounts, configurations and patches occurring regularly. Most organizations lack the skilled resources to review changes systematically to determine if they have introduced security gaps.

Automated vulnerability, configuration and behavioral assessment

The database security assessment capability of InfoSphere Guardium scans your entire database infrastructure for vulnerabilities and provides an ongoing evaluation of your database security posture, using both real-time and historical data. It provides a comprehensive library of preconfigured tests based on industry best practices (CVE, CIS, STIG), along with platform-specific vulnerabilities, which are updated regularly by the InfoSphere Guardium Knowledge Base service. You can also define custom tests to match specific requirements. The assessment module flags compliance-related vulnerabilities such as unauthorized access to reserved Oracle E-Business Suite and SAP tables for compliance with SOX and PCI DSS.

Assessments are grouped into two broad categories:

- Vulnerability and configuration tests check for vulnerabilities such as missing patches, misconfigured privileges and default accounts.
- Behavioral tests identify vulnerabilities based on how databases are being accessed and manipulated — such as an excessive number of login failures, clients executing administrative commands or after-hours login — by monitoring all database traffic in real time.

In addition to producing detailed reports, along with supporting data, the assessment module generates a security health report card. The report card not only includes weighted metrics based on best practices and industry standard reference numbers, but it also recommends concrete action plans to strengthen database security.

Configuration lock-down and change tracking

After you have implemented the actions recommended in the vulnerability assessment, you can establish a secure configuration baseline. The InfoSphere Guardium Configuration Audit System can monitor changes to this baseline and make sure they are not made outside of your authorized change control policies and processes.

Monitor and enforce

Escalating threats to sensitive data, along with growing compliance mandates, are driving organizations to seek effective means of monitoring database activities enterprise wide and preventing unauthorized activities in real time.

Monitor and enforce policies for database security and change control

InfoSphere Guardium provides granular, real-time policies to prevent unauthorized or suspicious actions by privileged database accounts and attacks from rogue users or outsiders. You can also identify application users that make unauthorized changes to databases with multi-tier applications that access databases from a common service account, such as Oracle E-Business Suite, PeopleSoft, Siebel, SAP, IBM Cognos software and custom systems built on application servers such as Oracle WebLogic, Oracle AS and those in the IBM WebSphere family.

The solution can be managed by information security personnel without involving database administrators (DBAs). You can also define granular access policies that restrict access to specific tables based on operating system login, IP or MAC address, source application, time of day, network protocol and type of SQL command.

Continuous contextual analysis of all database traffic

InfoSphere Guardium continuously monitors all database operations in real time, using linguistic analysis to detect unauthorized actions based on detailed contextual information — the “who, what, where, when and how” of each SQL transaction. This contextual approach minimizes false positives and negatives while providing a significant level of control, unlike traditional approaches that only look for predefined patterns or signatures.

Baselining to detect anomalous behavior and automate policy definition

By creating a baseline and identifying normal business processes and what appear to be abnormal activities, the system automatically suggests policies you can use to prevent attacks such as SQL injection. Intuitive menus make it easy to add custom policies.

Proactive, real-time security

InfoSphere Guardium provides real-time controls for responding to unauthorized or anomalous behaviors before they can do significant harm. Policy-based actions can include real-time security alerts (SMTP, SNMP, Syslog); software blocking; full logging; user quarantines; and custom actions such as shutting down VPN ports and coordinating with perimeter IDS/IPS systems.

Tracking and resolving security incidents

Compliance regulations require organizations to demonstrate that all incidents are recorded, analyzed, resolved in a timely manner and reported to management. InfoSphere Guardium provides a business user interface and workflow automation for resolving security incidents, along with a dashboard for tracking key metrics such as number of open incidents, severity levels and length of time incidents have been open.

Audit and report

Growing volumes of data, often physically distributed throughout an enterprise, are making it increasingly difficult for organizations to capture and analyze the detailed audit trails required for validating compliance.

Capturing a granular audit trail

InfoSphere Guardium creates a continuous, fine-grained trail of database activities that is contextually analyzed and filtered in real time to implement controls and produce the specific information required by auditors. The resulting reports demonstrate compliance by making it possible to view database activities in detail, such as login failures, escalation of privileges, schema changes, access during off-hours or from unauthorized applications and access to sensitive tables. For example, the system monitors:

- Security exceptions such as SQL errors
- Commands such as CREATE/DROP/ALTER that change structures, which are particularly important for data governance regulations such as SOX
- SELECT/READ/OPEN commands, which are particularly important for data privacy regulations such as PCI DSS
- Data manipulation commands (for example, INSERT, UPDATE, DELETE), including bind variables
- Data Control Language commands that control accounts, roles and permissions (GRANT, REVOKE)
- Procedural languages supported by each DBMS platform such as PL/SQL (Oracle) and SQL/PL (IBM)
- XML executed by the database
- Changes to Microsoft SharePoint objects
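The following is an added illustration, not IBM code and not how InfoSphere Guardium is implemented internally, of the two ideas described above: sorting captured statements into the command categories the data sheet lists (structure changes, reads, data manipulation, account and permission changes, security exceptions) and applying the kind of behavioral checks mentioned in the assessment section (an excessive number of login failures, changes outside business hours, sensitive-table access from an unapproved application). The audit records, field names, table names, approved applications, change window and failure threshold are all constructed assumptions for the example.

```python
"""Added example: category-based policy checks over a constructed database
activity trail. Not Guardium code; all names and thresholds are assumptions."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Command categories, following the groups listed in the data sheet (assumed mapping).
CATEGORIES = {
    "DDL": {"CREATE", "DROP", "ALTER"},       # structure changes (data governance, SOX)
    "READ": {"SELECT", "READ", "OPEN"},      # data access (data privacy, PCI DSS)
    "DML": {"INSERT", "UPDATE", "DELETE"},   # data manipulation
    "DCL": {"GRANT", "REVOKE"},              # accounts, roles and permissions
}

# Toy policy parameters: assumptions for this example, not product settings.
SENSITIVE_TABLES = {"CARDHOLDER", "PAYROLL"}
APPROVED_APPS = {"erp_app"}          # applications allowed to read sensitive tables
CHANGE_WINDOW = range(9, 18)         # hours of the day during which DDL is authorized
LOGIN_FAILURE_THRESHOLD = 3          # failures from one client before alerting


@dataclass
class Record:
    """One captured database event (constructed field set)."""
    when: datetime
    os_user: str
    client_ip: str
    app: str
    sql: str
    error: str | None = None  # e.g. "login failed" or a DBMS error; None on success


def classify(sql: str) -> str:
    """Map a statement to one of the categories above by its leading verb."""
    verb = sql.strip().split(None, 1)[0].upper()
    for name, verbs in CATEGORIES.items():
        if verb in verbs:
            return name
    return "OTHER"


def tables_in(sql: str) -> set[str]:
    """Crude table extraction: identifiers that follow FROM/INTO/UPDATE/TABLE/ON/JOIN."""
    found = re.findall(r"\b(?:FROM|INTO|UPDATE|TABLE|ON|JOIN)\s+([A-Za-z_][\w.]*)", sql, re.I)
    return {t.upper() for t in found}


def evaluate(records: list[Record]) -> list[tuple[int, str]]:
    """Return (record index, alert text) pairs for records that violate the toy policy."""
    alerts: list[tuple[int, str]] = []
    failures: Counter[str] = Counter()
    for i, r in enumerate(records):
        if r.error and "login" in r.error.lower():
            # Behavioral check: excessive login failures from one client address.
            failures[r.client_ip] += 1
            if failures[r.client_ip] == LOGIN_FAILURE_THRESHOLD:
                alerts.append((i, f"excessive login failures from {r.client_ip}"))
            continue
        if r.error:
            alerts.append((i, f"security exception: {r.error}"))
        cat = classify(r.sql)
        if cat == "READ" and tables_in(r.sql) & SENSITIVE_TABLES and r.app not in APPROVED_APPS:
            alerts.append((i, f"sensitive read by {r.os_user} via {r.app}"))
        if cat == "DDL" and r.when.hour not in CHANGE_WINDOW:
            alerts.append((i, "schema change outside the change window"))
        if cat == "DCL":
            alerts.append((i, f"privilege change: {r.sql}"))
    return alerts


# Constructed sample trail; not captured from any real system.
SAMPLE = [
    Record(datetime(2024, 3, 4, 10, 5), "appsrv", "10.0.0.5", "erp_app",
           "SELECT pan, expiry FROM cardholder WHERE id = :1"),
    Record(datetime(2024, 3, 4, 10, 7), "jsmith", "10.0.0.9", "sqlplus",
           "SELECT * FROM cardholder"),
    Record(datetime(2024, 3, 4, 2, 30), "dba1", "10.0.0.3", "sqlplus",
           "ALTER TABLE payroll ADD bonus NUMBER"),
    Record(datetime(2024, 3, 4, 11, 0), "dba1", "10.0.0.3", "sqlplus",
           "GRANT SELECT ON payroll TO jsmith"),
    Record(datetime(2024, 3, 4, 11, 1), "batch", "10.0.0.7", "erp_app",
           "INSERT INTO orders VALUES (:1, :2)"),
    Record(datetime(2024, 3, 4, 11, 2), "jsmith", "10.0.0.9", "sqlplus",
           "SELECT * FROM no_such_table", error="ORA-00942: table or view does not exist"),
] + [
    Record(datetime(2024, 3, 4, 12, m), "unknown", "192.0.2.10", "unknown",
           "CONNECT", error="login failed")
    for m in range(4)
]

if __name__ == "__main__":
    for idx, text in evaluate(SAMPLE):
        print(f"record {idx}: {text}")
```

Running the block flags the ad hoc read of the cardholder table, the 02:30 schema change, the GRANT, the SQL error and the third consecutive login failure from one address, while the approved application's read and the batch INSERT pass. A real deployment would also carry the network protocol and source program for each event, as the data sheet's policy attributes describe; the example keeps only the fields needed to show the category and threshold logic.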

Enterprise-wide scalability with minimized costs

InfoSphere Guardium scales easily, using built-in automation and integration functions to reduce operational costs while adapting to changes in audit requirements and the environment. Irrespective of system size, InfoSphere Guardium simplifies operations, providing:

- A single solution. Comprehensive platform support and broad functionality, including proactive protection, enables deployment of a single solution enterprise wide.
- Noninvasive design. No changes to existing database, application or network configurations are required and there is no reliance on native logging, minimizing performance impact.
- Investment protection. As the number of servers to monitor increases, you can simply add capacity to preserve existing InfoSphere Guardium purchases and configuration investments such as policies and compliance workflow.
- Simple administration. A single interface is used to manage appliances and probes, including configuration, user management and software updates. Probes are updated without reboot.
- Enterprise-wide analysis and reporting. Audit information — from multiple database platforms and collectors — is automatically normalized and aggregated into a single, secure, centralized audit repository with advanced reporting and analytics.
- Task automation. Capabilities that eliminate manual tasks, such as integrated compliance workflow automation, extensive API support for script based automation, configuration auditing templates, automated information sharing between functions and more, are included in the system.
- Deployment flexibility. Delivery as preconfigured appliances, in hardware and software form, supports a range of cost reduction strategies. Monitoring with lightweight host-based probes, over the network, or any combination is supported, maximizing visibility.
- Infrastructure integration. Automated interaction with systems, including LDAP, administrative databases, email, change ticketing and Syslog, eliminates manual exchanges of security information.

[Figure: architecture diagram. Elements shown: z/OS with S-TAP for DB2, S-TAP for IMS and S-TAP for VSAM; Asia-Pac data centers (collector, S-TAP); European data centers (collectors); Americas central Policy Manager and Audit Repository; Data-Level Access Control; monitored platforms Oracle, SQL Server, DB2 (distributed and mainframe), Informix, Sybase, MySQL, Teradata, Netezza, PostgreSQL; SharePoint servers.]

A scalable multi-tier architecture supports large and small environments, with centralized aggregation and normalization of audit data and centralized management of security policies enterprise wide. S-TAPs are lightweight, host-based probes that are able to monitor database traffic, including local access by privileged users, and relay it to InfoSphere Guardium collector appliances for analysis and reporting. Collector appliances gather monitored data from S-TAPs or by connecting directly to SPAN ports in network switches. Aggregators automatically assemble audit data from multiple collector appliances. Multiple tiers of aggregators can be configured for greater flexibility and scalability. Implemented as an extension to S-TAP, the InfoSphere Guardium Data-Level Access Control strengthens security and enforces separation of duties by blocking DBAs from creating new database accounts, elevating privileges for existing accounts and more.

Best-in-class reporting

The InfoSphere Guardium solution includes more than 150 preconfigured policies and reports based on best practices and our experience working with Global 1000 companies, major auditors and assessors around the world. These reports help address regulatory requirements such as SOX, PCI DSS and data privacy laws, and they help streamline data governance and data privacy initiatives.

In addition to prepackaged report templates, InfoSphere Guardium provides a graphical drag-and-drop interface for easily building new reports or modifying existing reports. Reports can be automatically sent to users in PDF format (as email attachments) or as links to HTML pages. They can also be viewed online in the web console or exported to SIEM and other systems in standard formats.

Compliance workflow automation

The InfoSphere Guardium Compliance Workflow Automation application streamlines the entire compliance workflow process, helping automate audit report generation, distribution to key stakeholders, electronic sign-off and escalations. Workflow processes are completely user customizable; specific audit items can be individually routed and tracked through sign-off.

Broad platform support

All major DBMS platforms and protocols running on major operating systems, along with a growing range of file and document-sharing environments, are supported.

Unified solution for heterogeneous environments

Most organizations have databases from a variety of vendors deployed on a range of operating systems, making it difficult to enforce uniform security policies and gather consistent audit information enterprise-wide. Heterogeneous environments can also result in taking a silo approach to security and compliance activities, driving up operational costs and consuming scarce resources.

Supported platform                          Supported versions
Oracle Database                             8i, 9i, 10g (r1, r2), 11g, 11gr2
Oracle Database (ASO, SSL)                  9i, 10g (r1, r2), 11g
Microsoft SQL Server                        2000, 2005, 2008
Microsoft SharePoint                        2007, 2010
IBM DB2 (Linux, UNIX, Linux for System z)   9.1, 9.5, 9.7
IBM DB2 (Windows)                           9.1, 9.5, 9.7
IBM DB2 pureScale                           9.8
IBM DB2 for z/OS                            8.1, 9.1, 10.1
IBM IMS                                     9, 10, 11, 12
IBM VSAM                                    See OS support table
IBM DB2 for IBM iSeries                     V5R2, V5R3, V5R4, V6R1
IBM Informix                                7, 9, 10, 11, 11.50, 11.7
Sun MySQL and MySQL Cluster                 4.1, 5.0, 5.1
Sybase ASE                                  12, 15, 15.5
Sybase IQ                                   12.6, 12.7, 15
IBM Netezza NPS                             4.5, 4.6, 4.6.8, 5.0, 6.0
PostgreSQL                                  8, 9
Teradata                                    6.X, 12, 13, 13.10
FTP

Host-based monitoring

S-TAPs are lightweight software probes that monitor both network and local database protocols (for example, shared memory, named pipes) at the operating system level of the database server. S-TAPs minimize any effect on server performance by relaying all traffic to separate InfoSphere Guardium appliances for real-time analysis and reporting, rather than relying on the database itself to process and store log data. S-TAPs are often preferred because they eliminate the need for dedicated hardware appliances in remote locations or available SPAN ports in your data center.

Application monitoring

InfoSphere Guardium identifies potential fraud by tracking activities of users who access critical tables with multi-tier enterprise applications rather than direct access to the database. This is required because enterprise applications typically use an optimization mechanism called “connection pooling.” In a pooled environment, all user traffic is aggregated in a few database connections that are identified only by a generic application account name, thereby masking the user identities. InfoSphere Guardium supports application monitoring for all major off-the-shelf enterprise applications. Support for other applications, including in-house applications, is provided either by monitoring transactions at the application server level or by interfacing them to the InfoSphere Guardium universal feed. IBM provides documentation of the universal feed protocol, which enables organizations to implement an interface to support any subset of the monitoring and protective features supported by InfoSphere Guardium appropriate for their unique environments.

OS support table (32-bit and 64-bit column left blank where the source does not state it):

OS type                                 Version                       32-bit and 64-bit
IBM AIX                                 5.2, 5.3                      Both
IBM AIX                                 6.1, 7.1                      64-bit
HP-UX                                   11.11, 11.23, 11.31           Both
Red Hat Enterprise Linux                3, 4, 5                       Both
Red Hat Enterprise Linux for System z   5.4
SUSE Enterprise Linux                   9, 10, 11
SUSE Enterprise Linux for System z      9, 10, 11
Solaris — SPARC                         8, 9, 10, 11                  Both
Solaris — Intel/AMD                     10                            Both
Tru64                                   5.1A, 5.1B                    64-bit
Windows                                 2000, 2003, 2008              Both
iSeries                                 IBM i5/OS *
z/OS                                    1.10 (5694-A01) or later

* Supports network activity monitoring, local activity support with Enterprise Integrator

Supported enterprise applications: Oracle E-Business Suite, PeopleSoft, Siebel, SAP, Cognos, Business Objects Web Intelligence

Supported application server platforms: IBM WebSphere, BEA WebLogic, Oracle Application Server (AS), JBoss Enterprise Application Platform

About IBM InfoSphere Guardium

InfoSphere Guardium is part of the IBM InfoSphere integrated platform for defining, integrating, protecting and managing trusted
